From aadaad68888217c76e06adf633a4d8b97d39779e Mon Sep 17 00:00:00 2001
From: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Date: Mon, 15 Feb 2021 23:41:16 +0100
Subject: Add JWT support in HTTP/HTTPS based locations - integration

Issue-ID: DCAEGEN2-2536
Signed-off-by: Krzysztof Gajewski <krzysztof.gajewski@nokia.com>
Change-Id: I334c66c025e1f3ef59393c3a0fe69493d4a3b5fa
---
 .../http-https-server/Dockerfile-http-https        |   8 +++--
 .../http-https-server/README.md                    |   5 +++
 .../apache2/conf/extra/httpd-ssl.conf              |  34 +++++++++++++++++++++
 .../http-https-server/apache2/conf/httpd.conf      |  29 +++++++++++++++++-
 .../http-https-server/apache2/lib/libjwt.so.1.7.0  | Bin 0 -> 133400 bytes
 .../apache2/modules/mod_authnz_jwt.so              | Bin 0 -> 146696 bytes
 .../http-https-server/docker-compose.yml           |   6 +++-
 7 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100755 test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0
 create mode 100644 test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so

(limited to 'test/mocks/datafilecollector-testharness/http-https-server')

diff --git a/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https b/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https
index c1f85596c..5a5037f3e 100644
--- a/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https
+++ b/test/mocks/datafilecollector-testharness/http-https-server/Dockerfile-http-https
@@ -1,15 +1,19 @@
-FROM httpd:alpine
+FROM httpd:2.4
 
-RUN apk update
+RUN apt-get update
 
 ENV APACHE_LOG_DIR /usr/local/apache2/logs
 
 COPY --chown=root:root apache2/conf /usr/local/apache2/conf
 COPY --chown=root:root apache2/conf/extra /usr/local/apache2/conf/extra
+COPY --chown=root:root ./apache2/lib/libjwt.so.1.7.0 /usr/lib/x86_64-linux-gnu/libjwt.so.1
+COPY --chown=root:root ./apache2/modules/mod_authnz_jwt.so /usr/local/apache2/modules/mod_authnz_jwt.so
 
 RUN chmod 644 /usr/local/apache2/conf/.htpasswd
 RUN chmod 644 /usr/local/apache2/conf/httpd.conf
 RUN chmod 644 /usr/local/apache2/conf/extra/httpd-ssl.conf
+RUN chmod 644 /usr/lib/x86_64-linux-gnu/libjwt.so.1
+RUN chmod 644 /usr/local/apache2/modules/mod_authnz_jwt.so
 
 RUN mkdir /usr/local/apache2/certs
 RUN chown root:root /usr/local/apache2/certs
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/README.md b/test/mocks/datafilecollector-testharness/http-https-server/README.md
index 77e701175..7902c09d9 100644
--- a/test/mocks/datafilecollector-testharness/http-https-server/README.md
+++ b/test/mocks/datafilecollector-testharness/http-https-server/README.md
@@ -30,3 +30,8 @@ by using 'docker ps' and stop them if necessary.
 # Cleaning docker structure
 
 Deep cleaning: `docker system prune`
+
+# mod_authnz_jwt.so
+
+External library `mod_authnz_jwt.so` was added to the Apache server. This library wasn't changed in any way.
+This library is supplied under the Apache License, Version 2.0 (the "License").
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf
index f4caf357e..24cf51da3 100644
--- a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf
+++ b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/extra/httpd-ssl.conf
@@ -1,5 +1,6 @@
 Listen 443
 Listen 8080
+Listen 32100
 
 SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
 SSLProxyProtocol all -SSLv3
@@ -63,3 +64,36 @@ SSLSessionCacheTimeout  300
     SSLCertificateFile /usr/local/apache2/certs/keystore.pem
     SSLCertificateKeyFile /usr/local/apache2/certs/key.pem
 </VirtualHost>
+<VirtualHost *:32100>
+
+	ServerAdmin httpserver-onap.org
+    ServerName httpserver-onap.org
+
+    DocumentRoot /usr/local/apache2/htdocs
+	AuthJWTSignatureAlgorithm HS256
+	AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+    AuthJWTIss onap
+	<Directory "/usr/local/apache2/htdocs">
+        AllowOverride None
+        Options Indexes FollowSymLinks MultiViews
+        AuthType jwt
+        AuthName "Restricted Content"
+        Require valid-user
+        RewriteEngine On
+        RewriteCond %{HTTP:Authorization} ^(.*)
+        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+    </Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	SSLEngine on
+	SSLProtocol -all +TLSv1.2
+	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+   	SSLHonorCipherOrder off
+    SSLSessionTickets off
+
+	SSLCACertificateFile /usr/local/apache2/certs/truststore.pem
+    SSLCertificateFile /usr/local/apache2/certs/keystore.pem
+    SSLCertificateKeyFile /usr/local/apache2/certs/key.pem
+</VirtualHost>
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf
index ef3ce95f7..58892c461 100644
--- a/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf
+++ b/test/mocks/datafilecollector-testharness/http-https-server/apache2/conf/httpd.conf
@@ -50,6 +50,7 @@ ServerRoot "/usr/local/apache2"
 #
 #Listen 12.34.56.78:80
 Listen 80
+Listen 32000
 
 #
 # Dynamic Shared Object (DSO) Support
@@ -63,6 +64,7 @@ Listen 80
 # Example:
 # LoadModule foo_module modules/mod_foo.so
 #
+LoadModule auth_jwt_module modules/mod_authnz_jwt.so
 LoadModule mpm_event_module modules/mod_mpm_event.so
 #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
 #LoadModule mpm_worker_module modules/mod_mpm_worker.so
@@ -196,7 +198,7 @@ LoadModule dir_module modules/mod_dir.so
 #LoadModule speling_module modules/mod_speling.so
 #LoadModule userdir_module modules/mod_userdir.so
 LoadModule alias_module modules/mod_alias.so
-#LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule rewrite_module modules/mod_rewrite.so
 
 <IfModule unixd_module>
 #
@@ -299,6 +301,31 @@ ServerAdmin you@example.com
         AuthUserFile /usr/local/apache2/conf/.htpasswd
         Require valid-user
     </Directory>
+
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+<VirtualHost *:32000>
+
+	ServerAdmin httpserver-onap.org
+	DocumentRoot "/usr/local/apache2/htdocs"
+
+	AuthJWTSignatureAlgorithm HS256
+	AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
+    AuthJWTIss onap
+	<Directory "/usr/local/apache2/htdocs">
+		AllowOverride None
+        Options Indexes FollowSymLinks MultiViews
+        AuthType jwt
+        AuthName "Restricted Content"
+        Require valid-user
+        RewriteEngine On
+        RewriteCond %{HTTP:Authorization} ^(.*)
+        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+	</Directory>
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 #
 # DirectoryIndex: sets the file that Apache will serve if a directory
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0 b/test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0
new file mode 100755
index 000000000..b22c52786
Binary files /dev/null and b/test/mocks/datafilecollector-testharness/http-https-server/apache2/lib/libjwt.so.1.7.0 differ
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so b/test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so
new file mode 100644
index 000000000..2e2e834e0
Binary files /dev/null and b/test/mocks/datafilecollector-testharness/http-https-server/apache2/modules/mod_authnz_jwt.so differ
diff --git a/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml b/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml
index 09b698f89..4e6263ee7 100644
--- a/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml
+++ b/test/mocks/datafilecollector-testharness/http-https-server/docker-compose.yml
@@ -4,17 +4,21 @@ services:
 
   http-https-server:
     container_name: http-https-server-httpd
-    image: httpd:alpine
+    image: httpd:2.4
     environment:
       APACHE_LOG_DIR: /usr/local/apache2/logs
     ports:
       - "80:80"
       - "443:443"
       - "8080:8080"
+      - "32000:32000"
+      - "32100:32100"
     volumes:
       - ./apache2/conf/.htpasswd:/usr/local/apache2/conf/.htpasswd:ro
       - ./apache2/conf/httpd.conf:/usr/local/apache2/conf/httpd.conf:ro
       - ./apache2/conf/extra/httpd-ssl.conf:/usr/local/apache2/conf/extra/httpd-ssl.conf:ro
+      - ./apache2/lib/libjwt.so.1.7.0:/usr/lib/x86_64-linux-gnu/libjwt.so.1:ro
+      - ./apache2/modules/mod_authnz_jwt.so:/usr/local/apache2/modules/mod_authnz_jwt.so:ro
       - ./../certservice/generated-certs/apache-pem:/usr/local/apache2/certs:ro
       - ./files/onap/http:/usr/local/apache2/htdocs
     restart: on-failure
-- 
cgit 1.2.3-korg